SSL_read error on multiple simultaneous upstream SSL downloads

Maxim Dounin mdounin at mdounin.ru
Mon Oct 21 19:49:37 UTC 2013


Hello!

On Mon, Oct 21, 2013 at 05:50:31PM +0000, Agent Coulson wrote:

> Hi!
> 
> thanks for that input, I have done some debugging and examined the SSL
> context when this state arrises.  Two SSL* structs (from different
> connections) point to the same packet data.  Disabling the read_ahead flag
> mitigates this.
> 
> I've attached a patch, after applying I was unable to repro using
> openssl-1.0.1e.
> 
> I'll submit a report to the upstream openssl project.

Disabling the read_ahead as a workaround looks wrong for me.  
While it probably reduces a chance for a problem to appear, it's 
likely still there.

Have you tried looking into the OpenSSL code to find out what 
causes the actual problem?

I think it's likely SSL_MODE_RELEASE_BUFFERS related (and I indeed 
can't reproduce the error without SSL_MODE_RELEASE_BUFFERS set), 
but I don't see any obvious problems in the code.

-- 
Maxim Dounin
http://nginx.org/en/donation.html



More information about the nginx-devel mailing list